malibot | b12dd66de4d180d4bbf4ae23f66bac875b3a9da455d9010720f0840541366490

Resubmissions

22-09-2022 05:59

220922-gpshqsdhcq 10

04-07-2022 03:32

30-06-2022 05:11

28-06-2022 09:39

21-06-2022 09:05

Analysis

max time kernel
1674165s
max time network
163s
platform
android_x64
resource
android-x64-20220823-en
resource tags

androidarch:x64arch:x86image:android-x64-20220823-enlocale:en-usos:android-10-x64system
submitted
22-09-2022 05:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

cryptoapp.apk
Size

3.7MB
MD5

520855bdec84895dd57eb97e5f30b6e3
SHA1

51428eaafc0d544da9a56ba00b8c9c774a01153f
SHA256

b12dd66de4d180d4bbf4ae23f66bac875b3a9da455d9010720f0840541366490
SHA512

b608aa376c1919cfad95d1ec31943b9350f8c25d30f60610dd1263e08b75fb5c400e635aee815fa29d186b9887e57b5cbb592e67d2e987a858e53e5f3d7c7e26
SSDEEP

98304:Yc4aG4U0q90ueyK2KvJ+1uznRUGNlytq4hh4RCNpp5rbMkt:Y1P4IBH90zhQqrRC7n/t

Score

10^/10

malibot banker infostealer trojan

Malware Config

Signatures

malibot
Malibot is an Android banking malware with the ability to bypass 2FA/MFA codes.
infostealer trojan banker malibot
Looks up external IP address via web service 3 IoCs
Uses a legitimate IP lookup service to find the infected system's external IP.

Processes:

flow ioc

35 icanhazip.com
50 icanhazip.com
51 icanhazip.com

flow	ioc
35	icanhazip.com
50	icanhazip.com
51	icanhazip.com

werwerwee.qwetrydsf.yfdefes
1⤵
PID:4839

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

/data/user/0/werwerwee.qwetrydsf.yfdefes/databases/app_icons.db
Filesize
1.4MB

MD5
9b3807b2b02df60afc57aeb7848b5861

SHA1
157b7b0cc3a47253aa0005c3cfff0ee56a904da7

SHA256
c60a253f4eea947b035678c46050d869ea076d3c466805d4120a7db9e30b75e6

SHA512
0407cca3ecb8e79e802173c764efe548144be81281a06aac4c88e3f8126342ae6a141806cafb8458fe50cf57673f4aa7ccd6af74929db26f20f84a9441adf1eb

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/databases/app_icons.db-journal
Filesize
1KB

MD5
a34a7d17a00291d7b934254b9cb8e0df

SHA1
d2bd7add8fca50e26343f4e8a1981b22afd8460f

SHA256
82ee2f575edf8af9ef76f217e3399a48df86d3af47fe9c02211c4fffe66a2163

SHA512
19b0650348470c17d15678865825bf43907ee181e6ceda35cd747ead1be8af0fbadd6ce524cdc3c3dc5d6009bbea92702ac470a0e73dcbd9bfac7a7ee1749a06

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/databases/launcher.db
Filesize
184KB

MD5
0660efea872a9fa8b1be83e7c478533f

SHA1
a47e63b4b6ad3e3afadcbb73a957b13ef095d072

SHA256
105224c36a475fe2e5b7b6916038f552cdd9f1ec7b771a631a0e6c42ed7e8942

SHA512
73f9e4c3a5dee7dae1bd6991a7eaec5a669fdb3c3006f8895f7892c4e0b7f7897c22f6778a33933a0f006489f5769694d1518142a49175e644d036edaf02d5aa

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/databases/launcher.db-journal
Filesize
1KB

MD5
18de798542fded289c892ffc8833caa6

SHA1
33e0b6fef5d054705a4237d236ae46cf52855e88

SHA256
a5dfe3bae07a5d49c4079f5e8009b3fe3952710a64bcfe842ccb53ecebd612b1

SHA512
bcd4c0ace68f77b40a6e71719bf507abebc85b763a3c0c390c26eb8ef5fac2bf2290c7ac234a0696018337fa9dbf3f2a05d3c77c109fc150e79b9e14a98f0c17

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/databases/widgetpreviews.db
Filesize
72KB

MD5
e14ecf37ac4e0141a761e05e83c52d10

SHA1
83beea637b3ed3071ad86337113ed3f911ef1f97

SHA256
86c382b3414ef54712b27832b0f4f40d70fd34135e02889b3a37c24a2e1dfbe8

SHA512
8d14128e4d7a75bced9aa9803fe80cb77277f626dba50206917527677d31ba07f086aeb53153bf5da6196e04ce357b9864305d7e0fedc0382feac4d95b845d97

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/databases/widgetpreviews.db-journal
Filesize
1KB

MD5
c349b9cb7274f0a116dc12a7512466e3

SHA1
3279d3ffce60f590beac29fd7c6c7e55d45f1430

SHA256
c9ad59d43bbdba6b65fcc77e4bad752a6f8dd0398ef4d2568583b11e477b7bb9

SHA512
c3553a6e56ab9312148cb6e3462b3a799746141aa33e1751980c73c3df7be5aa44766ea3febc5f05c0da8a72b69bbaf66a5a10a2a4af8e9026509a46f44d0acc

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/files/downgrade_schema.json
Filesize
1KB

MD5
70435833064f71228d8d001901b56873

SHA1
2d68b64360bb323366fadab675f387c74b42a23a

SHA256
73353cdbb7fbf2ee224948f35a950ad7bbaad5269b59471e690b34988ecc19e2

SHA512
fb7642c1c01aeacc3d5748b8be977ef272e7e9325cfd9e64b8638d4be84ff030cab8483a92ea677ffc246223df81e4b2c544e121943ac9acc8e79b6255b5b55a

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.device.prefs.xml
Filesize
140B

MD5
01284865f6e6300b041bc265c22022de

SHA1
9a02a931ce5b86e43b12068fce67176413f7e03c

SHA256
98c0fdef33b0793f97e87fd9fbe3eb71355390adc38f65f528923ffaf6d9f17f

SHA512
be44c48e972d52fbfb2ef0196340610c1b24ba236af2d74e9e350e9a7c9aea8eac97bb8a140973de792d43adef1e45806babcf05dd10e5085fa304e649cd9e52

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.managedusers.prefs.xml
Filesize
65B

MD5
9781ca003f10f8d0c9c1945b63fdca7f

SHA1
4156cf5dc8d71dbab734d25e5e1598b37a5456f4

SHA256
3325d2a819fdd8062c2cdc48a09b995c9b012915bcdf88b1cf9742a7f057c793

SHA512
25a9877e274e0e9df29811825bd4f680fa0bf0ae6219527e4f1dcd17d0995d28b2926192d961a06ee5bef2eed73b3f38ec4ffdd0a1cda7ff2a10dc5711ffdf03

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml
Filesize
128B

MD5
20837fd8daf2a2de8d6c4ccd8e90653a

SHA1
7ac08617bd4585151c239325aea243d9eca586f7

SHA256
e05f0ae0ee70ef2efac07e999da273b5f506462b67549f9080f6cdf469d70cec

SHA512
a4fd7ac1ce847a84fe4f47c2e7079f00b16b86213fe840b70e3a55992a043da99ca6fe1c9a723e709e2ee3985ed3b7c5a299d1cf5b29e8228f3f81d3cbb6876a

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml
Filesize
187B

MD5
40629fd218a1921144fccde51155abc1

SHA1
259981316f38f3b538443eac60839b8b0268c774

SHA256
edc51de6ea378118e3aee11c10db88b84059deeaaed9434cfe4154d73b149306

SHA512
013143b1efeca433127b20ae5ff045259ff19ce90729a66c218921d825293038747f5251043fd511533263eddb8f7ada758b75f62981044da872e2e5322b0943

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml
Filesize
405B

MD5
67dce169e73475e1eb94437105689584

SHA1
6a473b4cb597088f9766ea6e5ed49378b3b2e6c4

SHA256
8ee6d0d12cc6588a8d0463a9213e43aa5b73906b79d403b682bf6f5c737c2154

SHA512
f10935fcc230e9c15b3d25d74ad4248381c49fa0e4228c005cfa3e2f9612d41af3bff1884f654e0f728da935dd5019cbe0ccafb2bc223560b6025ebe70dc532f

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml
Filesize
344B

MD5
40e6801daac7f1acd559c527a34cdf6d

SHA1
832ac9144f5b1d76b309c0228e63d0878e8a8f7d

SHA256
a7d09131de77bab23af3f8f10290af517d6f0bafe3c0257b108edf837f3097e5

SHA512
77a0e86e62336afda48a3d51c2b4a79e32003a77efcccb0f2619e827c787701c258e8b29bcf3f994555d00a05e8039f2461caec57fef90e7a631f99d9630a1db

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml
Filesize
403B

MD5
a44c2fb81476599162792952dc18e93d

SHA1
8b2dd43570ac7ccda7648c90f13788c1d507e51c

SHA256
8f27506efdf280d6a67f8cd3fd10307cc597e7dd40315f0cb100b171e432b0a7

SHA512
fe17a9cb751a4c4c7185e178b66a91e1113e4bddaa49429a0d36e1e2137a08d0bd8ec5531602debd1ae6e48a8e7a468d5b6ed47d8122608f755809d4b13f1734

Download Submit
/data/user/0/werwerwee.qwetrydsf.yfdefes/shared_prefs/com.android.launcher3.prefs.xml
Filesize
344B

MD5
40e6801daac7f1acd559c527a34cdf6d

SHA1
832ac9144f5b1d76b309c0228e63d0878e8a8f7d

SHA256
a7d09131de77bab23af3f8f10290af517d6f0bafe3c0257b108edf837f3097e5

SHA512
77a0e86e62336afda48a3d51c2b4a79e32003a77efcccb0f2619e827c787701c258e8b29bcf3f994555d00a05e8039f2461caec57fef90e7a631f99d9630a1db

Download Submit

Resubmissions

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads